Yesterday, an exclusive report from LeMonde brought to light a French program similar to that of the United States NSA program PRISM, which was revealed last month by former NSA employee Edward Snowden. Naturally, the program had many surprised, though admittedly less so than that of the US program, as we have also learned of a similar program in the UK, and can expect that almost every country has (or is in the process of setting up) a similar program.
For France’s part, there are two key characteristics that caught my attention. First, there’s no law for or against the digital spying – it has been coined “a-legal” – which differs from the US government, which openly approved PRISM (and will now have to face their delegations because of it). The second thing that struck me is that France is gathering metadata – that is, not data. They don’t know “what,” they know “when” & “with whom.” Yes, you made a phone call to your friend yesterday. No, they don’t know you were discussing sensitive information.
With those points aside, there are many questions to be asked. Are we shocked that these programs exist? No. Should we be? Maybe. France’s project gives access to several different government departments to run checks on this information. Then again, if you’ve ever interacted with any government entity, you know that there’s no way that they have processes efficient enough to make use of the potential information they have in front of them. But it raises ‘personal space’ questions. If my phone calls, my website visits, and my tele-actions are not sacred, should I get a VPN?
When PRISM first arose, it reassured the mountains of “not American” cloud hosting services that exist in the US. “Don’t want to be spied on by the NSA? Try Us!” Doesn’t really sound like a great sales pitch, does it? Especially when “us” is also being spied on by the French government. Personally, I don’t see the privacy issue scaring away too many clients, unless you were already dealing with some shady data. I’d like to think that enterprise-level cloud security could outsmart the NSA’s ability to track you, but startups in Germany like Protonet and Forgetbox here in France are already looking to capitalize on European distrust of the US.
The subject itself raises questions about why France has had just a malevolent relationship with international internet companies. We know that France has been spying on user activity on sites like Yahoo & Facebook, but maybe it’s not as easy as they’d like it to be to get that data. This may very well be false, but these programs raise the question about motives, and will probably resonate through international foreign relations discussions for years to come: are you pushing this because it’s important, or because you want to know more about my citizens, my users, my people?
The European Commission seems pretty upset with the whole ordeal – after all, it’s their job to maintain international relations between European countries, and now a handful of them are spying on the rest. They’ve vowed to launch a full investigation into the PRISM scandal, especially into the claims that PRISM had bugged European governments and businesses.
The effects of the PRISM scandal are being felt less so by the citizens, who could care less if their Facebook statuses are being recorded & stored by the US, French, or any other government, but instead it is the businesses who are feeling the impact. Only time will tell if US Cloud hosting giants like Amazon Web Services or Rackspace will see a decline in international clients, or if Enterprise data security providers in Europe will see an increase in business, as distrust leads to loose wallets.
Ultimately, government spying’s legacy will be a new layer of enterprise security added in the value-chain between hosting providers and clients: “Our servers are guaranteed to be 99.9% free of government spying!” may find itself creeping into SLAs in the near future.